Getting Started with Shield
editGetting Started with Shield
editThis getting started guide walks you through installing Shield, setting up basic authentication, and getting started with role-based access control. You can install Shield on nodes running Elasticsearch 2.1.2.
The Shield plugin must be installed on every node in the cluster. If you are installing to a live cluster, you must stop all of the nodes, install Shield, and restart the nodes. You cannot perform a rolling restart to install Shield.
To install and run Shield:
-
Run
bin/plugin install
fromES_HOME
to install the license plugin.bin/plugin install license
-
Run
bin/plugin install
to install the Shield plugin.bin/plugin install shield
If you are using a DEB/RPM distribution of Elasticsearch, you need to run the installation with superuser permissions. To perform an offline installation, download the Shield binaries.
-
Start Elasticsearch.
bin/elasticsearch
-
To verify that Shield is up and running, use the
_shield
API to get the Shield version:curl -u es_admin -XGET 'http://localhost:9200/_shield'
You can also check the startup log entries. When Shield is operating normally, the log indicates that the network transports are using Shield:
[2014-10-09 13:47:38,841][INFO ][transport ] [Ezekiel Stane] Using [org.elasticsearch.shield.transport.ShieldServerTransportService] as transport service, overridden by [shield] [2014-10-09 13:47:38,841][INFO ][transport ] [Ezekiel Stane] Using [org.elasticsearch.shield.transport.netty.ShieldNettyTransport] as transport, overridden by [shield] [2014-10-09 13:47:38,842][INFO ][http ] [Ezekiel Stane] Using [org.elasticsearch.shield.transport.netty.ShieldNettyHttpServerTransport] as http transport, overridden by [shield]
Now you’re ready to secure your cluster! Here are a few things you might want to do to start with: